Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5550 block memory depleted

Currently running (2) ASA 5550's in LAN failover configuration ASA ver 8.3(2) . Intermittently the firewall will failover. And it will do this several times with a half hour or so time frame. Error message in syslogs is:

%ASA-3-105010   which is "Block memory was depleted. This is a transient message and the adaptive security appliance should recover.

Recommended Action: Use the show blocks command to monitor the current block memory.

What could be causing this issue? Is there a fix for this issue?

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: ASA 5550 block memory depleted

Hi Kristen,

As a best practice, yes all interfaces should have a standby IP address assigned. If you have 'logging standby' enabled, this would be enough to trigger the bug I mentioned before. I would suggest adding the standby IP address to the management interface and then monitoring to ensure the block depletion stops.

Hope that helps.

-Mike

6 REPLIES
Gold

ASA 5550 block memory depleted

Hi Kristen,

Which block sizes are being depleted? Can you post the output of 'show block' for us?

-Mike

New Member

Re: ASA 5550 block memory depleted

Size          Max          Low          CNT

       0           1450       1401          1450

       4              900          899              899

      80           5660        5525          5660

     256          3864         3608          3864

   1550        20000           0              19723

    2048        6100          6076          6100

    2560        7320          7320          7320

    4096         100           100             100

    8192          100           100             100

16384             200           200             200

65536               16              16              16

Thank you!

Gold

Re: ASA 5550 block memory depleted

Hi Kristen,

By any chance, do you have 'logging standby' configured? If so, does every interface have a standby IP address configured? If any interfaces are missing a standby IP (you can check the output of 'show failover'), you may be running into this bug:

CSCtk68555 - 1550 and 256 byte blocks may leak to 0 causing failover and data issues

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtk68555

If this is the case, you can disable 'logging standby' or assign standby IP address to each and every interface as a workaround.

-Mike

New Member

Re: ASA 5550 block memory depleted

I do have a standby IP address configured for every interface except the management interface. Should I configure a standby on the management interface?

Gold

Re: ASA 5550 block memory depleted

Hi Kristen,

As a best practice, yes all interfaces should have a standby IP address assigned. If you have 'logging standby' enabled, this would be enough to trigger the bug I mentioned before. I would suggest adding the standby IP address to the management interface and then monitoring to ensure the block depletion stops.

Hope that helps.

-Mike

New Member

Re: ASA 5550 block memory depleted

Thank you. I will do that.

1707
Views
0
Helpful
6
Replies